The National Party could be in trouble over its use of Budget information if it is found to have come from a hack of the Treasury website.
National leader Simon Bridges will not say how National got the information but has insisted it was not hacked from the Treasury's website.
The Treasury revealed today that 2000 unauthorised attempts had been made to hack its website in the past two days and referred the matter to police.
Digital business and internet lawyer Rick Shera told the Herald today that depending on how the Budget information was obtained, any party who had possession of it could be charged with receiving stolen property.
The Supreme Court decided in 2015, following the case of Queenstown bouncer Jonathan Dixon over his possession of CCTV footage of England captain Mike Tindall and a woman in 2011, that digital files were property.
"People who obtain the material from a hacker where they know the hacker didn't have the right to obtain that material could also themselves be in trouble," Shera said.
"You have a look at the sections in the Crimes Act about receiving and it just refers to receiving stolen property, property that's been obtained or stolen. A digital file is property so if you know that the person who's giving it to you didn't have the right to it, then you are receiving."
Shera said obtaining access to information that's not hidden by simply clicking on link would not be illegal, as in the 2012 case of journalist Keith Ng, who was able to access MSD computers through public kiosks.
"Once you're inside a system in an authorised way, then the fact that you obtain information that you weren't meant to see doesn't make it a crime, and you can use that information for a purpose other than that for which it was meant to be provided."
But Shera said the Dixon case had occurred since.
"The Supreme Court held that digital files are property. That's pretty important when you're thinking about a crime because, obviously, the Crimes Act deal with a lot of crimes relating to property. We can now say with confidence when looking at any section of the Crimes Act that if it refers to property, it also covers a digital file."
He said if Treasury Secretary Gabriel Makhlouf was correct about the Treasury website being the subject of more than 2000 unauthorised attempts to gain access, that was a clear definition of hacking.
"If you are attempting to break in to the system by brute-force attacks or using a computer system to try to guess thousands of passwords every second, all those technical measures, then clearly that's going to be hacking.
"It's someone trying to access the system who clearly has no authorisation to access it. That becomes a crime under Section 252, which is the unauthorised access provision of the Crimes Act.
"Clearly they didn't have authorisation to go there in the first place so the exception where you access it with authorisation and find something different, that wouldn't apply. There would be a crime there for whoever has done it."
Shera said there was also potentially a crime under the more serious provision of the Crimes Act, Section 249, which is accessing a computer system for a dishonest purpose.
"That section refers to, by virtue of doing it, receiving a benefit. That would be something the police would be investigating – did the person who accessed the system receive a benefit by virtue of doing that?"
Shera said the question of access to material by being in a website in an authorised way and then having access to other information because computers are linked had never come up in any New Zealand case law.
"These sections were put in in 2003 and they haven't really been looked at in any detailed form other than that Dixon case."
He referred to the penalties, which varied depending on the value of the property. They were only $500, $1000 or over $1000.
"You'd have to try to work out what were the digital files to do with the Budget worth."